II.A.3(a) Supervision of Cybersecurity Risk
Cybersecurity is the process of protecting consumer and bank information by preventing, detecting, and responding to attacks. As part of cybersecurity, institutions should consider management of internal and external threats and vulnerabilities to protect information assets and the supporting infrastructure from technology-based attacks. In light of the increasing volume and sophistication of cybersecurity threats, examiners should focus on cybersecurity preparedness in assessing the effectiveness of an institution's overall information security program.
II.A.3 Supervision of Cybersecurity Risk and Resources
II.A.3(b) Resources for Cybersecurity Preparedness